Nuova ricerca Sophos: l’89% dei responsabili IT teme le falle dell’IA generativa
Credit to Author: Tiziana Carboni| Date: Thu, 30 Jan 2025 07:34:50 +0000
Le esperienze sul campo di 400 leader IT
Read moreSecurity
Ultimi aggiornamenti di Sophos ZTNA
Credit to Author: Chris McCormack| Date: Tue, 28 Jan 2025 07:25:06 +0000
Nuovo Let’s Encrypt e supporto regionale
Read moreSophos MDR intercetta due campagne di ransomware che utilizzano l”email bombing” e il “vishing” di Microsoft Teams
Credit to Author: Giusy Martin| Date: Thu, 23 Jan 2025 07:13:28 +0000
Sophos MDR ha inoltre identificato un nuovo cluster di minacce che si rifà allo schema di Storm-1811 e un’attività più intensa di quella originale collegata al ransomware Black Basta
Read moreGootloader: tutto quello che c’è da sapere
Credit to Author: Gabor Szappanos| Date: Tue, 21 Jan 2025 06:57:16 +0000
L’intelligence open-source rivela il codice lato server di questo malware SEO-driven
Read moreIl Patch Tuesday di gennaio con 159 CVE supera il record del singolo mese
Credit to Author: Angela Gunn| Date: Thu, 16 Jan 2025 07:30:18 +0000
Tenetevi forte… e per il momento prendete in considerazione l’idea di leggere le vostre email in chiaro
Read moreSophos MDR protegge 26.000 clienti in tutto il mondo e svela importanti novità
Credit to Author: Tiziana Carboni| Date: Tue, 14 Jan 2025 07:59:50 +0000
Cresce del 37% il parco clienti mondiale di Sophos MDR nel 2024
Read morePrioritizzazione delle patch: un’analisi approfondita di framework e strumenti – Parte 1: CVSS
Credit to Author: Matt Wixey| Date: Thu, 09 Jan 2025 07:38:33 +0000
Questo è il primo di due articoli che esplorano gli strumenti e i framework che possono aiutare le organizzazioni a stabilire le priorità di rimedio. In questo primo articolo, Sophos X-Ops analizza il Common Vulnerability Scoring System (CVSS)
Read moreCode injection attacks using publicly disclosed ASP.NET machine keys
Credit to Author: Microsoft Threat Intelligence| Date: Thu, 06 Feb 2025 18:00:00 +0000
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.
The post Code injection attacks using publicly disclosed ASP.NET machine keys appeared first on Microsoft Security Blog.
Read moreNew scams could abuse brief USPS suspension of inbound packages from China, Hong Kong
News about USPS suspending shipments from China and Hong Kong may give scammers some ideas to defraud consumers
Read moreDOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Credit to Author: Andy Greenberg, David Gilbert, Lily Hay Newman| Date: Thu, 06 Feb 2025 07:30:20 +0000
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
Read more